- The purpose of
SecureStringis to avoid having secrets stored in the process memory as plain text. - However, even on Windows,
SecureStringdoesn't exist as an OS concept.- It just makes the window getting the plain text shorter; it doesn't fully prevent it as .NET still has to convert the string to a plain text representation.
- The benefit is that the plain text representation doesn't hang around
as an instance of
System.String-- the lifetime of the native buffer is shorter.
- The contents of the array is unencrypted except on .NET Framework.
- In .NET Framework, the contents of the internal char array is encrypted. .NET doesn't support encryption in all environments, either due to missing APIs or key management issues.
Don't use SecureString for new code. When porting code to .NET Core, consider
that the contents of the array are not encrypted in memory.
The general approach of dealing with credentials is to avoid them and instead rely on other means to authenticate, such as certificates or Windows authentication.